
Bug#934203: Please make it easier to trust external repositories without trusting their key for everything else



Package: apt
Severity: wishlist

On Tue, 06 Aug 19, 16:22:34, Keith Bainbridge wrote:
> 
> I found a simple guide at
> 
> 
> https://www.linuxbabe.com/debian/install-latest-virtualbox-6-0-10-debian-10-buster
> 
> 
> In summary:
> Create new sources file:
> sudo nano /etc/apt/sources.list.d/oracle-virtualbox.list
> 
> with this text:
> deb https://download.virtualbox.org/virtualbox/debian buster contrib
> 
> 
> Run this command to add key:
> wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
> 
> 
> apt(-get) update
> and install
> apt(-get) install virtualbox-6.0
> 
> This installed Version 6.0.10 r132072 (Qt5.9.5)

This procedure will automatically make the Oracle key trusted for *all* 
configured repositories (notably Debian).

If my reading of sources.list(5) is correct, one could store the key in a 
directory that is *not* /etc/apt/trusted.gpg.d/ and use Signed-By in 
sources.list to point apt to the correct key.

Please make this more obvious/easier to set up, e.g. by shipping an 
external.gpg.d/ directory, or making this setup more obvious in the 
manpage.

Another idea would be for apt to consider only repository keys installed 
in a repository-specific location (e.g. path/filename based on 
origin/label/etc.).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
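
The Signed-By arrangement discussed in the message above, as an added example that is not part of the original message or of apt itself: the script lists one-line-style source entries that carry no `signed-by` option and are therefore verified against every key in the global trusted keyring. The keyring path `/usr/share/keyrings/oracle-virtualbox.gpg`, the `example.org` entry and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of one-line-style sources.list entries.
# Only the VirtualBox URI comes from the message; the rest is illustrative.
sample_sources() {
cat <<'EOF'
# Debian archive: no signed-by, so any globally trusted key is accepted
deb http://deb.debian.org/debian buster main

# Third-party repository pinned to its own key (key path is an assumption)
deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox.gpg] https://download.virtualbox.org/virtualbox/debian buster contrib

# Constructed entry with options but without signed-by
  deb-src [ arch=amd64 ] https://example.org/debian buster main
EOF
}

# Read sources.list text on stdin and print "URI suite" for every
# deb/deb-src entry that has no signed-by option.
unpinned_sources() {
  awk '
    $1 != "deb" && $1 != "deb-src" { next }   # skips comments and blank lines
    {
      rest = $0
      sub(/^[ \t]+/, "", rest)                # leading indentation
      sub(/^[^ \t]+[ \t]+/, "", rest)         # the type field (deb / deb-src)
      opts = ""
      if (rest ~ /^\[/) {                     # optional [key=value ...] block
        end = index(rest, "]")
        if (end == 0) next                    # malformed options: ignore the line
        opts = substr(rest, 2, end - 2)
        rest = substr(rest, end + 1)
      }
      pinned = 0
      n = split(opts, o)                      # options are whitespace separated
      for (i = 1; i <= n; i++)
        if (o[i] ~ /^signed-by=./) pinned = 1
      if (!pinned) { split(rest, f); print f[1], f[2] }
    }'
}

# Stand-alone run over the constructed sample
sample_sources | unpinned_sources
```

On a real system the same function can be fed with `cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list`; deb822-style `.sources` files use a `Signed-By:` field instead and are not covered here.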
